dacs.doc electric

 

Lessons Learned Moving to Server 2003

By Jim Scheef

 

Computer upgrades are a source for many of the questions and much discussion during the Random Access sessions at our monthly general meetings. Over the years, Microsoft has gradually improved the upgrade process, making it relatively simple. If all you have on your machine is Windows with no applications or data, then the upgrade process is a piece of cake! Of course, that is not reality: the whole point of upgrading a machine is to preserve the applications and data, and the server at the DACS Resource Center (RC) was no exception. So we set out to upgrade our server from Windows 2000 Server to Windows Server 2003 Enterprise Edition.

Here are the requirements we set for our move:

  1. Originally the RC server had been set up to boot multiple operating systems. We needed to eliminate this and move the operating system to the primary partition.
  2. Our goal was to make the completed server as secure as possible. These two requirements meant that we had to do a clean install rather than an upgrade in place.
  3. The RC server runs a simple email server for the dacs.org domain. We had to move this application and not lose any configuration data. We also could not be down for more than a day or we would start to lose email messages.
  4. Several SIGs had small amounts of data on the server and we did not want to lose any of that.
  5. The server provides DHCP (automatic IP addresses) and DNS (domain name service) for the Resource Center network. We had to move this functionality.
  6. Lastly, we did not want to lose the user accounts, passwords and related security information that was contained in Active Directory on the existing server.

Our primary requirement was to learn the upgrade process. DACS is an educational organization
and this was an opportunity to learn about the new Microsoft server operating system. And
besides, I didn't want to do it alone!

The group that did the upgrade became known as the Server 2003 SIG. In reality it was a spin-off
from the Server and Networking SIG. Six meetings were scheduled during October. At our first
meeting, we inventoried the server for applications and services to move. Next we determined
what we needed to install on the "new" server and how we would accomplish that. We wrestled
with how to preserve the existing data during the move.

While we "practiced" the Server 2003 installation process on my laptop, we realized that the
whole process could be vastly simplified by temporarily moving everything to another machine
(like my laptop) and then moving it back. This seemingly obvious solution is not as simple as it
first appears. Here are the major steps we determined we needed to do the job:

  1. Install Server 2003 on my laptop and make it a "member server" on the old domain.
  2. Run ADPREP (Active Directory preparation program) to update the Win2k AD to the
    structure needed for the Server 2003 AD. This is a two-step process.
  3. Run DCPROMO (domain controller promotion) on my laptop to install AD. As part of this
    process, the AD data is replicated to the new domain controller with one important exception
    that we'll talk about in a minute.
  4. Copy any needed application data and configuration information to the laptop making paper
    backups whenever possible.
  5. Run DCPROMO on the old server to remove AD and remove it from the domain. This forces all remaining AD data over to the laptop (now the only domain controller in the domain).
  6. Reformat the old server and install Server 2003.
  7. Make the new server a member server on the domain.
  8. Perform steps 3, 4 and 5 on the "new" server to create the new domain controller and replicate AD back to the server from the laptop.
  9. Reinstall the applications and services on the new server.
  10. Run DCPROMO on the laptop to remove AD and force all remaining AD information back
    to the server.
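
The check we should have had in front of us before step 6 can be written as a short gate script. This is an added example, not something we ran at the time; it assumes the Windows Support Tools (netdom.exe) are installed on the temporary domain controller and that netdom returns a nonzero exit code when a query fails. The server and domain names passed to it are placeholders.

```batch
@echo off
rem Added example: refuse to proceed to step 6 (reformat) until step 5
rem (DCPROMO demotion of the old server) has demonstrably happened.
rem Usage: prewipe.cmd OLD_SERVER_NAME DOMAIN_NAME   (placeholder names)
setlocal
set "OLD_DC=%~1"
set "DOMAIN=%~2"
set "OUT=%TEMP%\prewipe_%RANDOM%.txt"
if "%OLD_DC%"=="" goto usage
if "%DOMAIN%"=="" goto usage

rem List the domain controllers the domain still knows about.
netdom query dc /domain:%DOMAIN% > "%OUT%"
if errorlevel 1 goto queryfailed
findstr /i /c:"%OLD_DC%" "%OUT%" >nul
if not errorlevel 1 (
    echo STOP: %OLD_DC% is still a domain controller. Run DCPROMO on it first.
    del "%OUT%"
    exit /b 1
)

rem Demotion also hands the operations master roles to the remaining
rem domain controller, so none of them may still name the old server.
netdom query fsmo /domain:%DOMAIN% > "%OUT%"
if errorlevel 1 goto queryfailed
findstr /i /c:"%OLD_DC%" "%OUT%" >nul
if not errorlevel 1 (
    echo STOP: %OLD_DC% still holds an operations master role.
    del "%OUT%"
    exit /b 1
)

del "%OUT%"
echo OK: %OLD_DC% is no longer a domain controller in %DOMAIN%.
exit /b 0

:queryfailed
rem A failed query must never be read as "server not found, safe to wipe".
echo STOP: could not query %DOMAIN%. Treat the result as unknown.
if exist "%OUT%" del "%OUT%"
exit /b 3

:usage
echo Usage: %~nx0 OLD_SERVER_NAME DOMAIN_NAME
exit /b 2
```

The name match is a plain substring search, so give the full computer name of the old server rather than a short fragment that another machine's name might contain.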

Had we followed these steps, I am convinced we would have been completely successful. Would
have been? Well, yes, we failed to meet requirement #6 and lost all of the user accounts and
other AD data. In our haste, we skipped step #5 and lost part of the AD data. As a result, the AD
on the new server could not function properly.

The primary reason for our failure was that we did not write the steps down before we started.
The process seemed simple enough and we had rehearsed everything we could. OK, we got
overconfident and as a result we screwed up. I was pushing the keystrokes at the time, so really it
was my fault.

Active Directory (AD) is the application that manages all of the resources (users, computers,
printers, etc.) on a Microsoft Windows network. When a user or machine on the network tries to
access or use a resource, it is AD that checks to see if the user has the rights or permissions
needed to use the resource. Since a new resource can be added from anywhere on the network
(any domain controller, and a large organization could have hundreds), AD needs a way to ensure
that a resource is added only once. It does this in the Global Catalog. In a domain as simple as
ours, there is only one global catalog. When we missed step #5, the global catalog was destroyed.
As a result, we could not add new users or anything else to AD on the laptop. At this point we
knew we had lost the AD and were forced to create a new one.

We did have our paper backups so we knew the user account names (all nine of them). The task
of typing them in was not too onerous. The biggest loss was to our pride. Because of this I will
not name the other two DACS members who were there helping with the process.

The current status is that the "new" server has been up and running without any problems for
almost three weeks. We still need a few finishing touches, like new CD burning software, but the
server is performing its primary functions perfectly. We now have the opportunity to learn more
about Server 2003: how it is configured and managed. Come to any of the networking-related
SIGs (Server and Networking, Linux, and Advanced OS) to learn more.


Jim Scheef is President of DACS.
